F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

171

172

173

174

175

176

177

178

179

180

165

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Configure the

NAS-Port-ID value.

portal nas-port-id

nas-port-id-value

By default, no NAS-Port-ID value is specified for

an interface, and the device uses the information

obtained from the physical interface where the

portal user accesses as the NAS-Port-ID value in

a RADIUS request.

210BSpecifying a NAS ID profile for an interface

In some networks, user access points are identified by their access VLANs. Network carriers need to use

NAS-identifiers to identify user access points. With the NAS ID profile specified on an interface, when a

user logs in from the interface, the access device checks the specified profile to obtain the NAS ID that

is bound with the access VLAN. The value of this NAS ID is used as the NAS-identifier attribute in the

RADIUS packets to be sent to the RADIUS server.

The NAS ID profile defines the binding relationship between VLANs and NAS IDs. A NAS ID-VLAN

binding is defined by the nas-id id-value bind vlan vlan-id command, which is described in detail in AAA

configuration commands in Access Control Command Reference.

If no NAS-ID profile is specified for an interface or no matching binding is found in the specified profile,

the device uses the configured NAS ID as that of the interface.

To configure a NAS ID profile on an interface:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a NAS ID profile and

enter NAS ID profile view.

aaa nas-id profile profile-name

For more information about the

command, see Access Control

Command Reference.

3. Bind a NAS ID with a VLAN.

nas-id nas-identifier bind vlan

vlan-id

For more information about the

command, see Access Control

Command Reference.

4. Return to system view.

quit N/A

5. Enter interface view.

interface interface-type

interface-number

N/A

6. Specify a NAS ID profile for

the interface.

portal nas-id-profile profile-name

By default, an interface is specified

with no NAS ID profile.

70B

Specifying a source IP address for outgoing portal

packets

After you specify a source IP address for outgoing portal packets on an interface, the IP address is used

as the source IP address of packets that the access device sends to the portal server, and the destination

IP address of packets that the portal server sends to the access device.